Couldn't instantiate rest high level client with SSL enabled at HTTP layer.

When asking questions, please provide the following information:

Guys i have a cluster which is running with elasticsearch 5.6.2, and it has searchguard plugin enabled, also SSL is enabled for both the transport layer as well as the http layer, when i execute the following curl command from the terminal
curl -k -u user:password https://localhost:9200, the response is returned and its fine, but when i instantiate a high level rest client using the following code

    public RccRestClient()
throws NodeValidationException, IOException, CertificateException, NoSuchAlgorithmException,
KeyStoreException, KeyManagementException, UnrecoverableKeyException {
SSLContextBuilder sslBuilder = SSLContexts.custom()
    //.loadTrustMaterial(new File("/Users/kumard/Desktop/elasticsearch-5.6.2/config/truststore.jks"),"password".toCharArray());
            .loadKeyMaterial(new File("/Users/kumard/Desktop/elasticsearch-5.6.2/config/0-keystore.jks"),"password".toCharArray(),"password".toCharArray());
final SSLContext sslContext = sslBuilder.build();

final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
credentialsProvider.setCredentials(AuthScope.ANY,
    new UsernamePasswordCredentials("user", "password"));

Header[] defaultHeaders = new Header[] {
    new BasicHeader("Authorization", "Basic " + encodeBase64("user:password".getBytes())) };
RestClientBuilder restClientBuilder = RestClient
    .builder(new HttpHost("localhost",
        Integer.valueOf("9200"), "https"))
    .setHttpClientConfigCallback(new RestClientBuilder.HttpClientConfigCallback() {
        @Override
        public HttpAsyncClientBuilder customizeHttpClient(HttpAsyncClientBuilder httpClientBuilder) {
            return httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
        }
    });
//                .setHttpClientConfigCallback(
//                new RestClientBuilder.HttpClientConfigCallback() {
//                    @Override
// public HttpAsyncClientBuilder customizeHttpClient(
// HttpAsyncClientBuilder httpClientBuilder) {
// httpClientBuilder.setDefaultHeaders(Arrays.asList(defaultHeaders));
// httpClientBuilder.setSSLContext(sslContext);
// return httpClientBuilder;
// }
// }
//
// );
restClientBuilder.setMaxRetryTimeoutMillis(10000);
restClientBuilder.setDefaultHeaders(defaultHeaders);
restClientBuilder.setFailureListener(new RestClient.FailureListener() {
    @Override
    public void onFailure(HttpHost host) {
        LOGGER.error("Couldn't initialize Low Level Rest Client");
        System.exit(-1);
    }
});

i am getting IO exception saying with timeouts, there is no error being logged. what is the correct way to achieve this.

  • Search Guard and Elasticsearch version

  • Installed and used enterprise modules, if any

  • JVM version and operating system version

  • Search Guard configuration files

  • Elasticsearch log messages on debug level

  • Other installed Elasticsearch or Kibana plugins, if any

see search-guard-module-auditlog/src/main/java/com/floragunn/searchguard/httpclient/HttpClient.java at master · floragunncom/search-guard-module-auditlog · GitHub

···

Am 30.10.2017 um 09:16 schrieb Kutty Kumar <kutty.aarathorn@gmail.com>:

When asking questions, please provide the following information:

Guys i have a cluster which is running with elasticsearch 5.6.2, and it has searchguard plugin enabled, also SSL is enabled for both the transport layer as well as the http layer, when i execute the following curl command from the terminal
`curl -k -u user:password https://localhost:9200`, the response is returned and its fine, but when i instantiate a high level rest client using the following code

        public RccRestClient()
    throws NodeValidationException, IOException, CertificateException, NoSuchAlgorithmException,
    KeyStoreException, KeyManagementException, UnrecoverableKeyException {
    SSLContextBuilder sslBuilder = SSLContexts.custom()
        //.loadTrustMaterial(new File("/Users/kumard/Desktop/elasticsearch-5.6.2/config/truststore.jks"),"password".toCharArray());
                .loadKeyMaterial(new File("/Users/kumard/Desktop/elasticsearch-5.6.2/config/0-keystore.jks"),"password".toCharArray(),"password".toCharArray());
    final SSLContext sslContext = sslBuilder.build();

    final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
    credentialsProvider.setCredentials(AuthScope.ANY,
        new UsernamePasswordCredentials("user", "password"));

    Header defaultHeaders = new Header {
        new BasicHeader("Authorization", "Basic " + encodeBase64("user:password".getBytes())) };
    RestClientBuilder restClientBuilder = RestClient
        .builder(new HttpHost("localhost",
            Integer.valueOf("9200"), "https"))
        .setHttpClientConfigCallback(new RestClientBuilder.HttpClientConfigCallback() {
            @Override
            public HttpAsyncClientBuilder customizeHttpClient(HttpAsyncClientBuilder httpClientBuilder) {
                return httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
            }
        });
    // .setHttpClientConfigCallback(
    // new RestClientBuilder.HttpClientConfigCallback() {
    // @Override
    // public HttpAsyncClientBuilder customizeHttpClient(
    // HttpAsyncClientBuilder httpClientBuilder) {
    // httpClientBuilder.setDefaultHeaders(Arrays.asList(defaultHeaders));
    // httpClientBuilder.setSSLContext(sslContext);
    // return httpClientBuilder;
    // }
    // }
    //
    // );
    restClientBuilder.setMaxRetryTimeoutMillis(10000);
    restClientBuilder.setDefaultHeaders(defaultHeaders);
    restClientBuilder.setFailureListener(new RestClient.FailureListener() {
        @Override
        public void onFailure(HttpHost host) {
            LOGGER.error("Couldn't initialize Low Level Rest Client");
            System.exit(-1);
        }
    });
i am getting IO exception saying with timeouts, there is no error being logged. what is the correct way to achieve this.

* Search Guard and Elasticsearch version
* Installed and used enterprise modules, if any
* JVM version and operating system version
* Search Guard configuration files
* Elasticsearch log messages on debug level
* Other installed Elasticsearch or Kibana plugins, if any

--
You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/bd272c28-f257-456b-98e4-e0e165fd2d4d%40googlegroups.com\.
For more options, visit https://groups.google.com/d/optout\.

Here you are using java keystore.What should I do if I want to use client certificate authentication?

···

On Monday, October 30, 2017 at 1:46:02 PM UTC+5:30, Kutty Kumar wrote:

When asking questions, please provide the following information:

Guys i have a cluster which is running with elasticsearch 5.6.2, and it has searchguard plugin enabled, also SSL is enabled for both the transport layer as well as the http layer, when i execute the following curl command from the terminal
curl -k -u user:password https://localhost:9200, the response is returned and its fine, but when i instantiate a high level rest client using the following code

    public RccRestClient()
throws NodeValidationException, IOException, CertificateException, NoSuchAlgorithmException,
KeyStoreException, KeyManagementException, UnrecoverableKeyException {
SSLContextBuilder sslBuilder = SSLContexts.custom()
    //.loadTrustMaterial(new File("/Users/kumard/Desktop/elasticsearch-5.6.2/config/truststore.jks"),"password".toCharArray());
            .loadKeyMaterial(new File("/Users/kumard/Desktop/elasticsearch-5.6.2/config/0-keystore.jks"),"password".toCharArray(),"password".toCharArray());
final SSLContext sslContext = sslBuilder.build();

final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
credentialsProvider.setCredentials(AuthScope.ANY,
    new UsernamePasswordCredentials("user", "password"));



Header[] defaultHeaders = new Header[] {
    new BasicHeader("Authorization", "Basic " + encodeBase64("user:password".getBytes())) };
RestClientBuilder restClientBuilder = RestClient
    .builder(new HttpHost("localhost",
        Integer.valueOf("9200"), "https"))
    .setHttpClientConfigCallback(new RestClientBuilder.HttpClientConfigCallback() {
        @Override
        public HttpAsyncClientBuilder customizeHttpClient(HttpAsyncClientBuilder httpClientBuilder) {
            return httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
        }
    });
//                .setHttpClientConfigCallback(
//                new RestClientBuilder.HttpClientConfigCallback() {
//                    @Override
// public HttpAsyncClientBuilder customizeHttpClient(
// HttpAsyncClientBuilder httpClientBuilder) {
// httpClientBuilder.setDefaultHeaders(Arrays.asList(defaultHeaders));
// httpClientBuilder.setSSLContext(sslContext);
// return httpClientBuilder;
// }
// }
//
// );
restClientBuilder.setMaxRetryTimeoutMillis(10000);
restClientBuilder.setDefaultHeaders(defaultHeaders);
restClientBuilder.setFailureListener(new RestClient.FailureListener() {
    @Override
    public void onFailure(HttpHost host) {
        LOGGER.error("Couldn't initialize Low Level Rest Client");
        System.exit(-1);
    }
});

i am getting IO exception saying with timeouts, there is no error being logged. what is the correct way to achieve this.

  • Search Guard and Elasticsearch version
  • Installed and used enterprise modules, if any
  • JVM version and operating system version
  • Search Guard configuration files
  • Elasticsearch log messages on debug level
  • Other installed Elasticsearch or Kibana plugins, if any

I am using high level rest client, and I am just trying to use the account and password to connect to the cluster. I don’t know about certificate verification. You can check the description in this link.

Kasinaat Selvi Sukesh kasinaat007@gmail.com于2019年1月25日 周五下午6:34写道:

···

Here you are using java keystore.What should I do if I want to use client certificate authentication?

On Monday, October 30, 2017 at 1:46:02 PM UTC+5:30, Kutty Kumar wrote:

When asking questions, please provide the following information:

Guys i have a cluster which is running with elasticsearch 5.6.2, and it has searchguard plugin enabled, also SSL is enabled for both the transport layer as well as the http layer, when i execute the following curl command from the terminal
curl -k -u user:password https://localhost:9200, the response is returned and its fine, but when i instantiate a high level rest client using the following code

    public RccRestClient()
throws NodeValidationException, IOException, CertificateException, NoSuchAlgorithmException,
KeyStoreException, KeyManagementException, UnrecoverableKeyException {
SSLContextBuilder sslBuilder = SSLContexts.custom()
    //.loadTrustMaterial(new File("/Users/kumard/Desktop/elasticsearch-5.6.2/config/truststore.jks"),"password".toCharArray());
            .loadKeyMaterial(new File("/Users/kumard/Desktop/elasticsearch-5.6.2/config/0-keystore.jks"),"password".toCharArray(),"password".toCharArray());
final SSLContext sslContext = sslBuilder.build();

final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
credentialsProvider.setCredentials(AuthScope.ANY,
    new UsernamePasswordCredentials("user", "password"));



Header[] defaultHeaders = new Header[] {
    new BasicHeader("Authorization", "Basic " + encodeBase64("user:password".getBytes())) };
RestClientBuilder restClientBuilder = RestClient
    .builder(new HttpHost("localhost",
        Integer.valueOf("9200"), "https"))
    .setHttpClientConfigCallback(new RestClientBuilder.HttpClientConfigCallback() {
        @Override
        public HttpAsyncClientBuilder customizeHttpClient(HttpAsyncClientBuilder httpClientBuilder) {
            return httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
        }
    });
//                .setHttpClientConfigCallback(
//                new RestClientBuilder.HttpClientConfigCallback() {
//                    @Override
// public HttpAsyncClientBuilder customizeHttpClient(
// HttpAsyncClientBuilder httpClientBuilder) {
// httpClientBuilder.setDefaultHeaders(Arrays.asList(defaultHeaders));
// httpClientBuilder.setSSLContext(sslContext);
// return httpClientBuilder;
// }
// }
//
// );
restClientBuilder.setMaxRetryTimeoutMillis(10000);
restClientBuilder.setDefaultHeaders(defaultHeaders);
restClientBuilder.setFailureListener(new RestClient.FailureListener() {
    @Override
    public void onFailure(HttpHost host) {
        LOGGER.error("Couldn't initialize Low Level Rest Client");
        System.exit(-1);
    }
});

i am getting IO exception saying with timeouts, there is no error being logged. what is the correct way to achieve this.

  • Search Guard and Elasticsearch version
  • Installed and used enterprise modules, if any
  • JVM version and operating system version
  • Search Guard configuration files
  • Elasticsearch log messages on debug level
  • Other installed Elasticsearch or Kibana plugins, if any

You received this message because you are subscribed to the Google Groups “Search Guard Community Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.

To post to this group, send email to search-guard@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/031e8d6b-2632-46c5-93e8-9d1b09b410eb%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

see https://gist.github.com/floragunncom/e1807599f0fa9c9338ffcb0ac45b27d1

···

Am 25.01.2019 um 14:04 schrieb 秋明本 <qiumingben@gmail.com>:

I am using high level rest client, and I am just trying to use the account and password to connect to the cluster. I don't know about certificate verification. You can check the description in this link.
Accesiblty of index through java code - ReadonlyREST Community

Kasinaat Selvi Sukesh <kasinaat007@gmail.com>于2019年1月25日 周五下午6:34写道:
Here you are using java keystore.What should I do if I want to use client certificate authentication?

On Monday, October 30, 2017 at 1:46:02 PM UTC+5:30, Kutty Kumar wrote:
When asking questions, please provide the following information:

Guys i have a cluster which is running with elasticsearch 5.6.2, and it has searchguard plugin enabled, also SSL is enabled for both the transport layer as well as the http layer, when i execute the following curl command from the terminal
`curl -k -u user:password https://localhost:9200`, the response is returned and its fine, but when i instantiate a high level rest client using the following code

        public RccRestClient()
    throws NodeValidationException, IOException, CertificateException, NoSuchAlgorithmException,
    KeyStoreException, KeyManagementException, UnrecoverableKeyException {
    SSLContextBuilder sslBuilder = SSLContexts.custom()
        //.loadTrustMaterial(new File("/Users/kumard/Desktop/elasticsearch-5.6.2/config/truststore.jks"),"password".toCharArray());
                .loadKeyMaterial(new File("/Users/kumard/Desktop/elasticsearch-5.6.2/config/0-keystore.jks"),"password".toCharArray(),"password".toCharArray());
    final SSLContext sslContext = sslBuilder.build();

    final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
    credentialsProvider.setCredentials(AuthScope.ANY,
        new UsernamePasswordCredentials("user", "password"));

    Header defaultHeaders = new Header {
        new BasicHeader("Authorization", "Basic " + encodeBase64("user:password".getBytes())) };
    RestClientBuilder restClientBuilder = RestClient
        .builder(new HttpHost("localhost",
            Integer.valueOf("9200"), "https"))
        .setHttpClientConfigCallback(new RestClientBuilder.HttpClientConfigCallback() {
            @Override
            public HttpAsyncClientBuilder customizeHttpClient(HttpAsyncClientBuilder httpClientBuilder) {
                return httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
            }
        });
    // .setHttpClientConfigCallback(
    // new RestClientBuilder.HttpClientConfigCallback() {
    // @Override
    // public HttpAsyncClientBuilder customizeHttpClient(
    // HttpAsyncClientBuilder httpClientBuilder) {
    // httpClientBuilder.setDefaultHeaders(Arrays.asList(defaultHeaders));
    // httpClientBuilder.setSSLContext(sslContext);
    // return httpClientBuilder;
    // }
    // }
    //
    // );
    restClientBuilder.setMaxRetryTimeoutMillis(10000);
    restClientBuilder.setDefaultHeaders(defaultHeaders);
    restClientBuilder.setFailureListener(new RestClient.FailureListener() {
        @Override
        public void onFailure(HttpHost host) {
            LOGGER.error("Couldn't initialize Low Level Rest Client");
            System.exit(-1);
        }
    });
i am getting IO exception saying with timeouts, there is no error being logged. what is the correct way to achieve this.

* Search Guard and Elasticsearch version
* Installed and used enterprise modules, if any
* JVM version and operating system version
* Search Guard configuration files
* Elasticsearch log messages on debug level
* Other installed Elasticsearch or Kibana plugins, if any

--
You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/031e8d6b-2632-46c5-93e8-9d1b09b410eb%40googlegroups.com\.
For more options, visit https://groups.google.com/d/optout\.

--
You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/CADZDP89hscehO6cME%2BKFGhDCEOk91NRz0Pz9zx3Y_rcY4X_enQ%40mail.gmail.com\.
For more options, visit https://groups.google.com/d/optout\.